Communication apparatus

ABSTRACT

A communication apparatus to be used between first and second communication groups, each including one or more communication terminals, that perform communications by different types of communication protocols capable of embedding address information, comprises a first storage unit storing a destination address, and tunnel identification information for the first communication group when a packet transmitted from the second communication group is registered; a destination retrieval unit which determines whether a destination address extracted from the received packet is registered in the first storage unit; a second storage unit, storing information indicating whether the route designated by the tunnel identification information is constructible by a private address or by a global address; an encapsulation processing unit which extracts the address information for the first communication group from the destination address; and a control unit controlling whether the encapsulation is to be in accordance with the information of the second storage unit.

BACKGROUND OF THE INVENTION

The present invention relates to a communication apparatus enabling anIntranet connection in a network where different communication protocolsmixedly exist.

At present, shifting from IPv4 (Internet Protocol version 4) to IPv6which has a vast address space in order to solve a problem that globaladdresses of IPv4 will dry up has attracted attention. However, most ofcommunications have been heretofore made using IPv4, and accordingly, itis substantially impossible to change all the communicationsinstantaneously to communication with IPv6.

Further, among apparatuses which have already operated and have beeninstalled with IPv4, some apparatuses require cost for expansion for thepurpose of enabling such IPv6 communication, and cannot substantiallyperform a change to enable the communication by IPv6.

Therefore, in order to shift IPv4 to IPv6, a method has been adopted,which gradually replaces the current apparatuses with an apparatus and arelay apparatus, which are capable of the IPv6 communication. As aresult, IPv4 and IPv6 mixedly exist on an IP network.

There are various shifting technologies enabling the IPv6 communicationon the conventional IPv4 network in the case of such shifting to IPv6.One of those technologies is a tunnel technology, in which an IPv6packet is encapsulated by an IPv4 header, communication is made by usingthe IPv4 header in an IPv4 network, and on a network or a terminal,which is capable of the IPv6 communication, the IPv4 header used for theencapsulation is detached to return (decapsulate) the encapsulatedpacket to the IPv6 packet.

Further, there are also various methods in this tunnel technology. Asone of the methods, there is an automatic tunnel method utilizing 6to4tunneling protocol. In a 6to4 tunnel, into an IPv6 address of an IPv6header in an IPv6 packet sent out from a terminal installed with IPv6,which is a transmission source (hereinafter, referred to as “IPv6terminal”), an IPv4 global address used when the IPv6 packet isencapsulated by IPv4 is embedded.

When the IPv6 packet passes through the IPv4 network, a terminal and arelay apparatus, which are located on an interface between IPv4 andIPv6, take out the IPv4 global address from the IPv6 address. Then,based on the taken-out IPv4 global address, the IPv4 header isautomatically created, and communications with the IPv6 packet are thusmade possible in the IPv4 network. Specifically, the 6to4 tunnel is oneof automatic tunnel technologies.

In order to use this 6to4 tunnel, the IPv6 communication is performed byusing an IPv6 address of a format in which higher-order 16 bits of theIPv6 address are a fixed value which is 2002 in the hexadecimalnumbering system and the IPv4 global address is embedded into 32 bitsfollowing this fixed value.

The IPv4 header for encapsulation can be automatically created from theIPv4 global address embedded in such a way. However, in the 6to4 tunnel,there is a regulation that this embedded IPv4 address must be a globaladdress (described in Chapter 2 of RFC3056 (Non-Patent document 1) whichdefines the 6to4 tunnel).

As defined in RFC 1918, IPv4 private addresses are addresses havingprefixes like 10/8, 172.16/12 and 192.168/16, and in any organization,these addresses can be freely used. Therefore, a case normally occurs,where terminals having the same private address exist in pluraldifferent organizations.

Meanwhile, in an IPv4 public network such as the Internet, a privateaddress cannot be used, and a global address must be used. This isbecause, when an arbitrary private address is used on the Internet, anaddress of a terminal overlaps the others, and the terminal cannot beidentified. In general, the tunnel of the 6to4 format is constructed onthe IPv4 public network, and accordingly, the private address has notbeen usable for the IPv4 address also in the case of using the tunnel ofthe 6to4 format.

Further, as known technologies for performing the encapsulation betweenthe different communication protocols and tunneling by using the privateaddress between private networks, the following are cited.

Patent document 1 discloses a technology for encapsulating, by a 6to4tunneling encapsulator, a communication between IPv6 domains separatedby IPv4 domains.

Patent document 2 discloses a technology, in which nodes which supportincompatible network layer protocols, such as IPv4 and IPv6, determine aprotocol set and perform automatic encapsulation therefor.

Patent document 3 discloses a technology for directly interconnectingthe private networks through the tunneling by using private IPaddresses.

[Patent document 1] JP 2003-510904 A

[Patent document 2] JP 2004-515165 A

[Patent document 3] JP 2003-273935 A

[Non-Patent document 1] B. Carpenter and another, “RFC3056”, [online],February 2001, [retrieved on Dec. 8, 2004], Internet <URL:http://rfc.net/rfc3056.html>

In the conventional techniques, there is a possibility that a packetusing a private address is transmitted to the public network in thetunnel technology such as a 6to4 tunnel technology, and accordingly, theprivate address has not been usable.

SUMMARY OF THE INVENTION

The present invention has been made in order to solve such a problem. Itis an object of the present invention to provide a communicationapparatus enabling the use of the private address in the network wherethe different communication protocols mixedly exist.

(1) In order to achieve the object, the present invention provides acommunication apparatus to be used between a first communication groupincluding one or two or more communication terminals that performcommunications by a first type of communication protocol and a secondcommunication group including one or two or more communication terminalsthat perform communications by a second type of communication protocolcapable of embedding address information for use in the firstcommunication group, characterized by including: a first storage unit,in which a destination address to the first communication group or thesecond communication group, and tunnel identification information foridentifying attribute information of a route specified by addressinformation for use in the first communication group when a packettransmitted from the second communication group via the firstcommunication group to another second communication group isencapsulated by the address information for use in the first group andpassed through the first communication group, are registered; adestination retrieval unit which makes retrieval as to whether or not adestination address extracted from the received packet is registered inthe first storage unit; a second storage unit, in which communicationenable/disable information indicating whether or not the route on thefirst communication group, the route being designated by using thetunnel identification information, is constructible by a private addressor whether or not the route is constructible by a global address, isregistered; an encapsulation processing unit which extracts the addressinformation for use in the first communication group from thedestination address to encapsulate the packet; and a control unit whichmakes control as to whether or not the encapsulation is to be performedin accordance with the communication enable/disable information of thesecond storage unit.

According to the present invention, in the communication apparatus to beused between the first communication group including one or two or morecommunication terminals which perform communications by the first typeof communication protocol and the second communication group includingone or two or more communication terminals which perform communicationsby the second type of communication protocol capable of embeddingaddress information for use in the first communication group, in thecase of transmitting the packet via the first communication group,whether or not the encapsulation including extracting the addressinformation for use in the first communication group from thedestination address is to be performed can be determined under controlin accordance with the communication enable/disable information in thesecond storage unit.

(2) Further, the apparatus according to the present invention ischaracterized by further including: a decapsulation information storageunit in which information for identifying a packet as an object ofdecapsulation which restores the encapsulated packet to an original formthereof is registered; and a decapsulation processing unit whichdecapsulates the received packet in accordance with the information inthe decapsulation information storage unit.

According to the communication apparatus of the present invention, thereceived packet is decapsulated in accordance with the information inthe decapsulation information storage unit, and accordingly, the packetas the object of the decapsulation can be determined efficiently.

(3) Further, the apparatus according to the present invention ischaracterized by further including: a discarded information storage unitin which information indicating whether or not the received packet is apacket to be discarded is registered; and a packet discard-unit whichdiscards the received packet in accordance with the information in thediscarded information storage unit.

According to the communication apparatus of the present invention, thereceived packet is discarded in accordance with the information in thediscarded information storage unit, and accordingly, a desired packetcan be discarded.

(4) Further, the apparatus according to the present invention ischaracterized in that the first storage unit further includesencapsulation information indicating whether or not the encapsulation isto be performed by IPv4 or IPv6, and the encapsulation processing unitencapsulates the packet by IPv4 or IPv6 in accordance with theencapsulation information.

According to the communication apparatus of the present invention,desired encapsulation processing can be executed for the received packetwith reference to the encapsulation information indicating whether ornot the encapsulation is to be performed by IPv4 or IPv6 for apredetermined destination address.

(5) Further, the apparatus according to the present invention ischaracterized in that the second storage unit further includes packetconversion information indicating whether or not a packet of a 6to4format is to be encapsulated, and the encapsulation processing unitencapsulates the packet of the 6to4 format in accordance with the packetconversion information.

According to the communication apparatus of the present invention, thereceived packet is converted into the packet of the 6to4 format inaccordance with the packet conversion information indicating whether ornot the packet of the 6to4 format is to be encapsulated. Accordingly,6to4 encapsulation processing can be executed for a packet to betransmitted to a predetermined destination address.

(6) Further, the apparatus according to the present invention ischaracterized in that the encapsulation processing unit executes thediscard of the packet or the encapsulation processing for the packet inaccordance with the communication enable/disable information.

According to the communication apparatus of the present invention, thediscard of the packet or the encapsulation processing for the packet isexecuted in accordance with the communication enable/disableinformation. Accordingly, the discard of the packet or the encapsulationprocessing for the packet can be executed on a tunnel basis.

(7) Further, the apparatus according to the present invention ischaracterized in that the encapsulation processing unit is capable ofreferring to plural pieces of tunnel identification informationregistered in a second table, and the encapsulation processing unitrefers to, for each tunnel, information indicating whether or not toexecute each of a first method permitting only a communication in whichthe destination address is the global address and a second methodpermitting only a communication in which the destination address is theprivate address.

According to the communication apparatus of the present invention, theinformation indicating whether or not to execute each of the firstmethod permitting only the communication in which the destinationaddress is the global address and the second method permitting only thecommunication in which the destination address is the private address isreferred to on a tunnel basis. Accordingly, desired packet processingcan be executed for each type of the destination address.

(8) Further, the apparatus according to the present invention ischaracterized in that, when a tunnel packet in which the destinationaddress is the global address is received with respect to a tunnelinterface in which only the second method is selected, the encapsulationprocessing unit discards the tunnel packet without performing thecommunication.

According to the communication apparatus of the present invention, onlythe tunnel packet in which the destination address is the global addressis discarded. Accordingly, the packet with the global address can beprevented from being transmitted to a network in which the privateaddress is used.

(9) Further, the apparatus according to the present invention ischaracterized in that, when a packet having an IPv6 address in which anIPv4 global address for use in a first network is embedded as thedestination address is encapsulated into an IPv4 packet and transmittedto the tunnel interface in which only the second method is selected, theencapsulation processing unit discards the packet having the IPv6 packetwithout setting the packet as an object to be transmitted.

According to the communication apparatus of the present invention, whenthe packet having the IPv6 address in which the IPv4 global address isembedded is converted into the tunnel packet of the 6to4 format andtransmitted, the tunnel packet is discarded without being set as theobject to be transmitted. Accordingly, the packet with the globaladdress can be prevented from being transmitted to the network in whichonly the private address is used.

(10) Further, the apparatus of the present invention is characterized inthat, when the packet in which the destination address is encapsulatedby the IPv4 global address is received with respect to a tunnelinterface in which only the first method is selected, or when the packetin which the destination address is the IPv6 address having the IPv4global address embedded thereinto is encapsulated into the IPv4 packetand transmitted to the tunnel interface, the encapsulation processingunit transmits/receives the encapsulated packet without discarding theencapsulated packet.

According to the communication apparatus of the present invention, whenthe tunnel packet of the 6to4 format, in which the destination addressis the IPv4 global address, is received, or when the packet, in whichthe destination address is the IPv6 address having the IPv4 globaladdress embedded thereinto is converted into the tunnel packet of the6to4 format and transmitted, the tunnel packet is transmitted/receivedwithout being discarded. Accordingly, the packet with the global addresscan be transmitted/received even in a network where the private addressand the global address mixedly exist.

(11) Further, the apparatus according to the present invention ischaracterized in that, when a setting of executing the first method orthe second method is made, the encapsulation processing unit refers toinformation indicating whether or not to enable the setting when thepacket is transmitted or when the packet is received.

According to the communication apparatus of the present invention, whenthe setting of executing the first method or the second method is made,the information indicating whether or not to enable the setting when thepacket is transmitted or when the packet is received is referred to.Accordingly, the transmission/receipt of the packet can be controlled ona tunnel basis.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view showing a configuration of a network in which a tunnelis provided in an in-house communication.

FIG. 2 is a block diagram explaining a relay apparatus of the presentinvention.

FIG. 3 is a view showing a configuration example of a decapsulationtable.

FIG. 4 is a view showing a configuration example of a destination table.

FIG. 5 is a view showing a configuration example of an encapsulationtable.

FIG. 6 is a flowchart showing operations of a decapsulation check unit.

FIG. 7 is a flowchart showing operations of a destination retrievalunit.

FIG. 8 is a flowchart showing operations of an encapsulation check unit.

FIG. 9 is a flowchart showing operations of the encapsulation checkunit.

FIG. 10 is a view showing a configuration example of a network usingIPv6 addresses having IPv4 private addresses embedded thereinto in acase of providing tunnels of a 6to4 format.

DETAILED DESCRIPTION OF THE INVENTION

An in-house communication system according to an embodiment of thepresent invention will be described below with reference to thedrawings. A configuration of the embodiment is described forillustration, and the present invention is not limited to theconfiguration of the embodiment. Note that the present invention can beimplemented by using hardware and software. In the case of implementingthe present invention by the software composed of a program, variousfunctions can be realized by installing the program constituting thesoftware in the hardware such as a computer. Further, the program isinstalled in the computer and the like through a communication line orby using a computer-readable storage medium.

Here, the computer-readable recording medium means a recording mediumcapable of accumulating data and information regarding the program bymeans of an electric, magnetic, optical, mechanical or chemical functionand reading the information from the computer. As ones detachable fromthe computer among such recording media, for example, there are aflexible disk, a magneto-optical disc, a CD-ROM, a CD-R/W, a DVD, a DAT,an 8-mm tape, a memory card, and the like. Further, as recording mediafixed to the computer, there are a hard disk, a ROM (read only memory),and the like.

[Configuration of In-House Communication System]

FIG. 1 is a view showing a configuration example of a network in which atunnel is constructed in an in-house communication. An in-housecommunication system is composed of an IPv4 in-house network 2,terminals (hereinafter, referred to as “IPv6 terminals”) which areconnected to the IPv4 in-house network 2 and installed with IPv6creating IPv6 packets, and routers A to C as relay apparatuses.

Although each of the IPv6 terminals A and B is illustrated as oneterminal, each of the IPv6 terminals A and B may be a communicationgroup including two or more communication terminals in the presentinvention. In a similar way, the IPv4 in-house network 2 may be acommunication group including one or two or more communicationterminals. Further, in this embodiment, it is assumed that thecommunication group includes terminals (hereinafter, referred to as“IPv4 terminals”) installed with IPv4 creating IPv4 packets.Specifically, when the communication group is composed of pluralterminals, the communication group includes the IPv4 terminal besidesthe IPv6 terminal in some cases.

Further, the router A and the router B are illustrated independently ofthe IPv6 terminals, the IPv6 terminals may be composed such that afunction of each router (relay apparatus), which will be described fromnow on, serves as a part of a function in the IPv6 terminal.

Considering the use of a 6to4 tunnel in the in-house network, IPv4private addresses can be assigned in a single organization withoutoverlapping each other. As an example, the case where an embeddeddestination IPv4 address is a private address (10. 11. 12. 13) as shownin FIG. 1 will be described.

Into a packet which is created (generated) from the IPv6 terminal A andhas a destination 6to4 address (2002: 10. 11. 12. 13:yyyy . . . ), thedestination IPv4 private address is embedded.

The router A which has received the IPv6 packet from the IPv6 terminal Aextracts the destination IPv4 private address from the IPv6 packet,encapsulates the IPv6 packet by an IPv4 header (IPv4), and transmits anIPv4 capsule to the router B through the IPv4 in-house network 2. Then,the router B detaches the IPv4 header of the received packet (IPv4capsule) (decapsulation), and transmits the IPv6 packet to the IPv6terminal B.

In contrast to this, when the IPv6 terminal A transmits a packet to therouter C, the IPv6 terminal A creates an IPv4 capsule encapsulated by aprivate address. The router C decapsulates the received IPv4 capsule.Further, when it is determined that a destination address of the IPv4capsule received by the router C is a global address and that atransmission source address is a private address, the IPv4 address isdiscarded without being transmitted to a public network. In such a way,it becomes possible to use the private address for the IPv4 address alsoin the case of using the tunnel of the 6to4 format. Specificconfigurations and operations will be described later.

[Internal Configuration Example of Relay Apparatus 4]

FIG. 2 is a diagram showing an example of an internal configuration of arelay apparatus 4. The relay apparatus 4 is shown as an example of aninternal configuration of each of the routers A to C of FIG. 1 shows aninternal configuration for encapsulating and decapsulating the packets.Further, it is possible to realize the configuration of the relayapparatus 4 by each of a communication terminal, a server, and anapparatus on a network where the tunnel of the 6to4 format can beprovided.

The relay apparatus 4 is composed of (1) a frame identification unit 6which identifies a received packet of IP or the like, (2) adecapsulation check unit 8 which determines whether the packet is anobject to be decapsulated, (3) a destination retrieval unit 10 whichdetermines an output destination of the packet based on a destinationaddress, (4) an encapsulation check unit 12 which encapsulates thepacket determined as the object to be encapsulated by the destinationretrieval unit 10, and (5) a QoS/Filter control unit 14 which performsQoS control and filtering processing for the packet.

A decapsulation table 16, a destination table 18 and an encapsulationtable 20 are used in the decapsulation check unit 8, the destinationretrieval unit 10 and the encapsulation check unit 12, respectively. Asetting of each table is executed by a computer connected to the relayapparatus 4, an operation unit (not shown) provided in the relayapparatus 4, and the like. The relay apparatus 4 processes the packet inaccordance with a setting value of each table thus set.

Further, the decapsulation check unit 8 determines whether or not todecapsulate the received packet such as (i) a packet transmitted throughthe 6to4 tunnel and (ii) a packet transmitted from an IPv4 terminalbelonging to the IPv4 in-house network 2 without passing through the6to4 tunnel. For example, the decapsulation check unit 8 is a processingunit which functions in the router B which receives the packet from theIPv6 terminal A in FIG. 1.

The encapsulation check unit 12 determines whether or not to encapsulatethe received packet such as (i) a packet to be transmitted to the 6to4tunnel, (ii) the packet received from the 6to4 tunnel and (iii) a packettransmitted from an IPv4 terminal or an IPv6 terminal, which belongs tothe IPv4 in-house network 2, without passing through the 6to4 tunnel.For example, the encapsulation check unit 12 is a processing unit whichfunctions in the router A or the router C, which receives the packetfrom the IPv6 terminal A in FIG. 1.

The respective constituent elements of (1) the frame identification unit6, (2) the decapsulation check unit 8, (3) the destination retrievalunit 10, (4) the encapsulation check unit 12, and (5) the QoS/Filtercontrol unit 14 will be described below.

(1) The frame identification unit 6 identifies input packet (receivedpacket), and performs extraction of information such as an address andchecking of a header error and the like. This is a function of theconventional relay apparatus. (2) Next, the decapsulation check unit 8is a block which determines whether or not the received packet is theobject to be decapsulated. When it is determined by the frameidentification unit 6 that the received packet is encapsulated, thedecapsulation check unit 8 extracts an IP address from an external IPheader of the encapsulated packet (packet in which the external IPheader and an internal IP header exist). Then, the decapsulation checkunit 8 searches the decapsulation table by using the extracted IPaddress as a search key.

The IP address extracted by the decapsulation check unit 8 is an IPaddress (IP DA) and a transmission source IP address (IP SA), which areshown in FIG. 3. In this embodiment, the extracted IP address is an IPv4address included in the external IP header of the received packet.Further, IP addresses shown in FIG. 3 and FIG. 4 are network addressesor host addresses.

The decapsulation table 16 (corresponding to “discarded informationstorage unit” of the present invention) is a table which storesinformation for determining whether or not the packet is the object tobe decapsulated. FIG. 3 shows an example of details of contents of thedecapsulation table 16. In FIG. 3, a discard flag is acquired by usingan external header IP address (transmission source address/destinationaddress) as a search key. If the discard flag is “1”, the packetconcerned is discarded. If the discard flag is “0”, the packet issubjected to the next processing without being discarded. Further, onlyany of the transmission source addresses and the destination addressesmay be set in the decapsulation table 16.

When the received packet is an object to be decapsulated (packet havingthe IP address hit by the search of the decapsulation table) as a resultof searching the decapsulation table 16, the packet is decapsulated.Note that, if the discard flag is “1” in this case, the packet isdiscarded and not subjected to the subsequent processing. Thedecapsulation processing is processing for detaching the external IPheader. Note that the decapsulation check unit 8 has a function to referto the decapsulation table 16.

A private address is registered as the destination IP address (IP DA) ofthe decapsulation table, and the discard flag is set to “0”, thus alsoenabling decapsulation processing for a tunnel constructed by theprivate address.

Further, unless the private address is registered in the decapsulationtable, the private address does not become an object of thedecapsulation. Specifically, as shown in FIG. 6, a packet that is not anobject of the decapsulation is passed to the destination retrieval unit10 without being discarded. For example, a packet transmitted from anIPv4 terminal through the IPv4 in-house network 2 to another IPv4terminal is not registered in the decapsulation table 16. Varioussettings are possible in a combination of the transmission sourceaddress which is a private address or a global address and thedestination address which is a private address or a global address.

Further, the private address and the global address are registered inthe decapsulation table, and the discard flags thereof are set to “1”,thus also making it possible to set the received packet as an object tobe discarded. For example, the discard flag is set as a filter for anattack packet.

Further, “don't care” is set as a data mask for the transmission sourceaddress of FIG. 3, thus also making it possible to discard all thepackets to a transmission destination address “e” without specifying thetransmission source address.

(3) Next, the destination retrieval unit 10 (corresponding to“destination retrieval unit” of the present invention) determines theoutput destination (tunnel number, transmission destination terminal,and the like) based on the destination IP address. Further, thedestination retrieval unit 10 performs the same processing as routingprocessing and bridge relay processing, which a general relay apparatususually performs.

First, the destination retrieval unit 10 refers to and searches thedestination table by using the destination address of the external IPheader of the packet as a search key. However, when the received packetis the packet which has become the object of the decapsulation in thedecapsulation check unit 8, the destination address of the external IPheader of the packet is a destination address of the internal IP headerof the packet when receiving the packet.

The destination table 18 (corresponding to “first storage unit” of thepresent invention) is a table for acquiring information regarding towhich transmission destination (tunnel) the packet is to be transmittedby using the destination address as the search key. FIG. 4 shows anexample of details of contents of the destination table 18.

The destination retrieval unit 10 acquires destination information, anIPv4 encapsulation flag, an IPv6 encapsulation flag, a tunnel number andthe like from the destination table by using the destination address ofthe packet as the key. The destination information is such informationas to indicate which transmission destination the packet is to beoutputted to, and is similar to destination information owned by a usualrelay apparatus.

The IPv4 encapsulation flag is a flag indicating whether or not thereceived packet is to be encapsulated by the IPv4 header. If the IPv4encapsulation flag is “1”, it is indicated that the received packet isan object of processing for which the IPv4 capsule is to be created. Ifthe IPv4 encapsulation flag is “0”, it is indicated that the receivedpacket is not the object of the processing for which the IPv4 capsule isto be created.

Further, the IPv6 encapsulation flag is a flag indicating whether or notthe received packet is to be encapsulated by the IPv6 header. If theIPv6 encapsulation flag is “1”, it is indicated that the received packetis an object of processing for which the IPv6 capsule is to be created.If the IPv6 encapsulation flag is “0”, it is indicated that the receivedpacket is not the object of the processing for which the IPv6 capsule isto be created.

Finally, the tunnel number is a number virtually assigned to eachtunnel, and is used in the case of acquiring information (information ofthe encapsulation table) regarding what type of tunnel is to be providedfor each destination address.

Further, if the destination address is a destination address hit by thesearch of the destination table, and both of the IPv4 encapsulation flagand the IPv6 encapsulation flag are 0, then usual relay processing isperformed for the received packet based on the destination information,and the packet is passed to the QoS/Filter control unit 14.

If any of the IPv4 encapsulation flag and the IPv6 encapsulation flag is1, then the packet is regarded as the object to be encapsulated, andafter the tunnel number is acquired, the processing is shifted to theencapsulation check unit 12.

(4) The encapsulation check unit 12 (corresponding to “encapsulationprocessing unit” of the present invention) performs the encapsulationfor the received packet. Note that the encapsulation processing unit maybe defined to include not only the encapsulation check unit 12 but alsothe destination retrieval unit 10 and the QoS/Filter control unit asprocessing units for the encapsulation processing for the packet throughthe output thereof.

The encapsulation check unit 12 refers to and searches the encapsulationtable (corresponding to “second storage unit” of the present invention)based on the tunnel number obtained by the destination retrieval unit10. If the IPv4 encapsulation flag referred to and acquired by thedestination retrieval unit 10 is “1”, the encapsulation check unit 12searches an encapsulation table for IPv4. Meanwhile, if the IPv6encapsulation flag is “1”, the encapsulation check unit 12 searches anencapsulation table for IPv6. Specifically, the relay apparatus has theplural encapsulation tables during a shifting period to IPv6. Theencapsulation check unit 12 determines the encapsulation table to bereferred to and searched in accordance with the set encapsulation flag.

Further, in the 6to4 format, the packet is encapsulated with the IPv4header. An example of contents of the encapsulation table for IPv4 isshown in FIG. 5. The encapsulation check unit 12 acquires a 6to4 flag, aprivate address check flag, a global address check flag, and headerinformation by using a tunnel number in FIG. 5 as a search key. Here,the header information is information indicating contents (TTL, IP DA/SAand the like) of the header for the encapsulation.

The 6to4 flag is a flag indicating whether or not this capsule is of the6to4 format. If this field is “1”, the encapsulation check unit 12determines that a setting of the private address check flag and asetting of the global address check flag are effective.

Further, if the field of the 6to4 flag is “1”, the IPv4 address for usein the encapsulation is acquired from the IPv6 address of the receivedpacket, and the encapsulation check unit 12 ignores contents ofdestination address/transmission source address (addresses on both endsof the capsule) predefined in the header information of theencapsulation table 20.

If the field of the 6to4 flag is “0”, the encapsulation check unit 12determines that the tunnel is not of the 6to4 format. Specifically, thedestination address/transmission source address (addresses on both endsof the capsule) become effective. The encapsulation check unit 12encapsulates the received packet in order to provide the tunnel by asetting value of the header information.

When the tunnel of the 6to4 format is set (when the field of the 6to4flag is “1”), the encapsulation check unit 12 acquires setting values ofthe private address check flag and the global address check flag.

The private address check flag is a flag indicating whether or not checkis to be made as to whether or not the IPv4 address extracted from theIPv6 address of the 6to4 format in the packet to be transmitted is aprivate address. The global address check flag is a flag indicatingwhether or not check is to be made as to whether or not the IPv4 addressextracted from the IPv6 address of the 6to4 format in the packet to betransmitted is a global address. If the check flag is “1”, a type(private, global) of the address is checked.

When the address in question matches the private address or the globaladdress as a result of checking the type of the address, theencapsulation check unit 12 discards the packet. For example, when theprivate address check flag is “1”, and the extracted IPv4 address is theprivate address, the encapsulation check unit 12 discards the receivedpacket.

In such a way, when the relay apparatus 4 outputs the packet to thetunnel, the encapsulation check-unit processes the packet with referenceto settings of permission/inhibition of the transmission in each of theprivate address and the global address. Further, when the relayapparatus 4 outputs the packet to a public network or other in-housenetworks, the encapsulation check unit processes the packet withreference to settings of permission/inhibition of the transmission ineach of the private address and the global address.

Hence, for each tunnel, it is possible to perform such settings andreferences as (i) to permit only the transmission of the global address,(ii) to permit only the transmission of the private address, and (iii)to permit the transmissions of the global address and the privateaddress.

After the encapsulation check unit 12 performs the encapsulationprocessing for the packet, the destination retrieval unit 10 performsthe destination retrieval by using the encapsulated external IP headeragain, and passes the packet to the QoS/Filter control unit 14.

(5) The QoS/Filter control unit 14 is a processing unit which performsthe QoS control and the filtering processing for the packet. Further,the QoS/Filter control unit 14 may be the same as those provided in theconventional relay apparatus.

Through the processing described above, functional settings regarding,for example whether to permit the use of the global address/privateaddress or not in the tunnel of the 6to4 format can be made. Next, therespective flows in the decapsulation check unit 8, the destinationretrieval unit 10 and the encapsulation check unit 12 will be describedwith reference to FIG. 6 to FIG. 8. FIG. 6 to FIG. 8 are views showingexamples where the received packet is the IPv4 packet or the IPv6packet. Note that each processing flow is presented for illustration,and each processing is not limited to this.

[1. Explanation of Flow of Decapsulation Check Unit 8]

FIG. 6 is a flowchart showing operations of the decapsulation check unit8. The decapsulation check unit 8 receives an encapsulated packet or apacket which is not encapsulated from the frame identification unit(S10).

The decapsulation check unit 8 extracts the destination address andtransmission source address of the external IP header of the receivedpacket, and refers to/searches the decapsulation table 16 by using theextracted addresses as a search key (S11, S12). When the destinationaddress and the transmission source address are registered in thedecapsulation table 16, the decapsulation check unit 8 acquires asetting value of the discard flag correlated with these addresses (S13).

When the discard flag is “0”, the decapsulation check unit 8 detachesthe external IP header, and passes the decapsulated packet to thedestination retrieval unit 10 (S14, S15). Specifically, the packet inwhich the discard flag is “0” is an encapsulated packet.

Meanwhile, when the destination address or the transmission sourceaddress is not registered in the decapsulation table 16, thedecapsulation check unit 8 passes the packet to the destinationretrieval unit 10 without decapsulating the packet (S16). Thedecapsulation check unit 8 discards the packet in which the discard flagis “1” (S17)

[2. Explanation of Flow of Destination Retrieval Unit 10]

FIG. 7 is a flowchart showing operations of the destination retrievalunit 10. The destination retrieval unit 10 receives the packetdecapsulated by the decapsulation check unit 8 or the packet which isnot decapsulated thereby. Then, the destination retrieval unit 10extracts the destination address of the external IP header, and refersto and searches the destination table 18 by using the extracteddestination address as a search key (S20). Note that, when thedestination retrieval unit 10 receives the packet encapsulated by theencapsulation check unit 20, usual transmission processing is performed.

When the destination address is registered in the destination table 18(“Yes” in S21), the destination retrieval unit 10 acquires a value ofthe IPv4 encapsulation flag. Meanwhile, when the destination address isnot registered in the destination table 18, the destination retrievalunit 10 passes the packet to a CPU (central processing unit) in therelay apparatus 4 (S22).

When the acquired value of the IPv4 encapsulation flag is “1”, thedestination retrieval unit 10 acquires a value of the tunnel numbercorrelated with the destination address, and passes the acquired valueto the encapsulation check unit 12 (S23, S24). When the acquired valueof the IPv4 encapsulation flag is “0”, the destination retrieval unit 10acquires a value of the IPv6 encapsulation flag.

When the acquired value of the IPv6 encapsulation flag is “1”, thedestination retrieval unit 10 acquires the value of the tunnel numbercorrelated with the destination address, and passes the acquired valueto the encapsulation check unit 12 (S25, S26). When the acquired valueof the IPv6 encapsulation flag is “0”, the destination retrieval unit 10acquires the destination information from the destination table 18, andpasses the packet to the QoS/Filter control unit 14 (S27). TheQoS/Filter control unit 14 functions similarly to the existing relayapparatus.

As described above, the destination retrieval unit 10 passes the packetas the object of the IPv4 encapsulation and the packet as the object ofthe IPv6 encapsulation to the encapsulation check unit 12.

[3. Explanation of Flow of Encapsulation Check Unit 12]

FIG. 8 and FIG. 9 are flowcharts showing operations of the encapsulationcheck unit 12. The encapsulation check unit 12 determines whether thereceived packet is the packet as the object of the IPv4 encapsulation orthe packet as the object of the IPv6 encapsulation (S30).

When the received packet is the packet as the object of the IPv6encapsulation, the encapsulation check unit 12 refers to and searchesthe encapsulation table 20 by using the tunnel number as a search key,and acquires information corresponding to the tunnel number (S31). Next,the encapsulation check unit 12 creates the external IPv6 header byusing the header information, thereby creating the IPv6 capsule (S32).The created IPv6 capsule is passed to the destination retrieval unit 10(S33).

Specifically, when the destination address is “f” in accordance with thesetting of “IPv6 encapsulation flag=1” shown in FIG. 4, and the tunnelnumber correlated with the destination address “f”, which is shown inFIG. 5, is “20”, the IPv6 capsule is created by using the headerinformation of the encapsulation table (S31, S32).

When the received packet is the packet as the object of the IPv4encapsulation, the encapsulation check unit 12 searches theencapsulation table 20 by using the tunnel number as a search key, andacquires the information corresponding to the tunnel number (S34).

When the 6to4 flag is “0”, in order to create the IPv4 capsule by usingthe IPv4 address embedded into the destination address, the IPv4 addressfor the encapsulation is extracted from the address of the IPv6 header(S36). When the 6to4 flag is “0”, the external IPv4 header is created byusing the header information set in the encapsulation table, therebycreating the IPv4 capsule (S37). The created IPv4 capsule is passed tothe destination retrieval unit 10 (S38).

When the 6to4 flag is “1”, the “private address flag check” and the“global address flag check”, which are shown in FIG. 5, becomeeffective. When the private address flag check is “1”, the encapsulationcheck unit 12 determines whether or not the extracted IPv4 address isthe private address (S40). When the extracted IPv4 address is theprivate address, the encapsulation check unit 12 discards the packet(S41).

When the extracted IPv4 address is not the private address, theencapsulation check unit 12 creates the external IPv4 header from theheader information of the received packet, thereby creating the IPv4capsule (S42). The created IPv4 capsule is passed to the destinationretrieval unit 10 (S43). Here, the created IPv4 capsule is transmittedto the IPv4 public network through the 6to4 tunnel using the destinationglobal address. When the private address flag is not “1” in thedetermination of S39, the encapsulation check unit 12 shifts the controlto the processing of FIG. 9.

Subsequently, the flowchart of the encapsulation check unit 12 will bedescribed with reference to FIG. 9.

When the “global address flag check” shown in FIG. 5 is “0”, theencapsulation check unit 12 creates the external IPv4 header from theheader information of the received packet, thereby creating the IPv4capsule (S48). Then, the created IPv4 capsule is passed to thedestination retrieval unit 10 (S49).

When the global address flag check is “1”, the encapsulation check unit12 determines whether or not the extracted IPv4 address is the globaladdress (“Yes” in S43, S44). When the extracted IPv4 address is theglobal address, the encapsulation check unit 12 discards the packet(S45).

When the extracted IPv4 address is not the global address, theencapsulation check unit 12 creates the external IPv4 header from theheader information of the received packet, thereby creating the IPv4capsule (S46). Then, the created IPv4 capsule is passed to thedestination retrieval unit 10 (S47). For example, the created IPv4capsule is transmitted to the IPv4 in-house network 2 through the 6to4tunnel using the destination private address.

As described above, the encapsulation check unit 12 refers to thesetting of the encapsulation table 20, and thus determines the type ofthe encapsulation (encapsulation of the 6to4 format, the encapsulationbased on the header information of the encapsulation table), andexecutes the discarding or encapsulation of the packet in accordancewith the type of the destination address (S35 to S49, corresponding to“control unit” of the present invention).

FIG. 10 is a view showing a configuration example of a network using theIPv6 address having the IPv4 private address embedded thereinto in thecase of performing a communication by using the tunnel of the 6to4format. In FIG. 10, an example is shown, where the same private addressis set at the IPv6 terminal A connected to the IPv4 in-house network 2of the organization A and at the IPv6 terminal B connected to the IPv4in-house network 2 of an organization B. In an IPv6 public network, useof the private address is prohibited.

In the example shown in FIG. 10, if the IPv6 terminal A and the IPv6terminal B make communications with each other, the communication ismade by IPv6 in the IPv6 public network present therebetween. However,each of the organizations has an IPv4 network, and accordingly, a tunnelwill be provided in the organization.

Here, in the case of providing the 6to4 tunnel, when the communicationis made by embedding an IPv4 private address of its own terminal, aprefix of higher-order 48 bits of the IPv6 address becomes the samebetween the IPv6 terminal A and the IPv6 terminal B.

It becomes impossible for the relay apparatus present in the IPv6 publicnetwork to adequately perform a relay operation because, to the relayapparatus, the organization A and the organization B seem to have IPv6networks with the same prefix.

In the present invention, in the case where the router C receives thepacket having the IPv4 private address embedded thereinto, the router Cdiscards the packet, thus making it possible to solve the problemdescribed above. Further, by adopting such a configuration, it ispossible to permit the communication at the time of providing the tunnelof the 6to4 format without checking the type of the address even if theembedded IPv4 address is a private address.

In such a way, it becomes possible to freely provide the 6to4 tunneleven in the network managed by using the IPv4 private addresses as inthe organization, and it becomes possible to avoid the problem.

Further, it is made possible for each tunnel to make selection as towhether or not the embedded IPv4 address is compliant with theconventional regulation to permit only the global address. Thus, aproblem of transmission of a protocol-violating packet such asoutputting the IPv4 private address to an area of a communication to theoutside (communication via the IPv4 public network) can also be solved.

Further, the various settings described above are enabled for eachtunnel, and accordingly, it is also made possible to cope with both ofthe internal and external communications of the IPv4 private network byselecting the conventional method/expansion method.

By introducing the terminal and the relay apparatus 4, which areimplemented with this method, into the in-house IPv4 private network,the automatic tunnel of the 6to4 format using the private addressbecomes usable also for the internal communication, and management costin the case of performing manual settings not to transmit the packetusing the private address to the public network becomes unnecessary.

The communication apparatus of the present invention can use the privateaddress in a network where different communication protocols mixedlyexist.

1. A communication apparatus to be used between a first communicationgroup including one or two or more communication terminals that performcommunications by a first type of communication protocol and a secondcommunication group including one or two or more communication terminalsthat perform communications by a second type of communication protocolcapable of embedding address information for use in the firstcommunication group, comprising: a first storage unit, in which adestination address to the first communication group or the secondcommunication group, and tunnel identification information foridentifying attribute information of a route specified by addressinformation for use in the first communication group when a packettransmitted from the second communication group via the firstcommunication group to another second communication group isencapsulated by the address information for use in the first group andpassed through the first communication group, are registered; adestination retrieval unit which makes retrieval as to whether or not adestination address extracted from the received packet is registered inthe first storage unit; a second storage unit, in which communicationenable/disable information indicating whether or not the route on thefirst communication group, the route being designated by using thetunnel identification information, is constructible by a private addressor whether or not the route is constructible by a global address, isregistered; an encapsulation processing unit which extracts the addressinformation for use in the first communication group from thedestination address to encapsulate the packet; and a control unit whichmakes control as to whether or not the encapsulation is to be performedin accordance with the communication enable/disable information of thesecond storage unit.
 2. The communication apparatus according to claim1, further comprising: a decapsulation information storage unit in whichinformation for identifying a packet as an object of decapsulation whichrestores the encapsulated packet to an original form thereof isregistered; and a decapsulation processing unit which decapsulates thereceived packet in accordance with the information in the decapsulationinformation storage unit.
 3. The communication apparatus according toclaim 1, further comprising: a discarded information storage unit inwhich information indicating whether or not the received packet is apacket to be discarded is registered; and a packet discard unit whichdiscards the received packet in accordance with the information in thediscarded information storage unit.
 4. The communication apparatusaccording to claim 1, wherein the first storage unit further includesencapsulation information indicating whether or not the encapsulation isto be performed by IPv4 or IPv6, and the encapsulation processing unitencapsulates the packet by IPv4 or IPv6 in accordance with theencapsulation information.
 5. The communication apparatus according toclaim 1, wherein the second storage unit further includes packetconversion information indicating whether or not a packet of a 6to4format is to be encapsulated, and the encapsulation processing unitencapsulates the packet of the 6to4 format in accordance with the packetconversion information.
 6. The communication apparatus according toclaim 1, wherein the encapsulation processing unit executes the discardof the packet or the encapsulation processing for the packet inaccordance with the communication enable/disable information.
 7. Thecommunication apparatus according to claim 1, wherein the encapsulationprocessing unit is capable of referring to plural pieces of tunnelidentification information registered in a second table, and theencapsulation processing unit refers to, for each tunnel, informationindicating whether or not to execute each of a first method permittingonly a communication in which the destination address is the globaladdress and a second method permitting only a communication in which thedestination address is the private address.
 8. The communicationapparatus according to claim 7, wherein, when a tunnel packet in whichthe destination address is the global address is received with respectto a tunnel interface in which only the second method is selected, theencapsulation processing unit discards the tunnel packet withoutperforming the communication.
 9. The communication apparatus accordingto claim 7, wherein, when a packet having an IPv6 address in which anIPv4 global address for use in a first network is embedded as thedestination address is encapsulated into an IPv4 packet and transmittedto the tunnel interface in which only the second method is selected, theencapsulation processing unit discards the packet having the IPv6 packetwithout setting the packet as an object to be transmitted.
 10. Thecommunication apparatus according to claim 7, wherein, when the packetin which the destination address is encapsulated by the IPv4 globaladdress is received with respect to a tunnel interface in which only thefirst method is selected, or when the packet in which the destinationaddress is the IPv6 address having the IPv4 global address embeddedthereinto is encapsulated into the IPv4 packet and transmitted to thetunnel interface, the encapsulation processing unit transmits/receivesthe encapsulated packet without discarding the encapsulated packet. 11.The communication apparatus according to claim 7, wherein, when asetting of executing the first method or the second method is made, theencapsulation processing unit refers to information indicating whetheror not to enable the setting when the packet is transmitted or when thepacket is received.
 12. The communication apparatus according to claim1, wherein the communication apparatus comprises any one of thecommunication terminal, a relay apparatus, a server, and an apparatus ona network capable of performing the encapsulation through a tunnel of a6to4 format.
 13. A communication method to be used between a firstcommunication group including one or two or more communication terminalsthat perform communications by a first type of communication protocoland a second communication group including one or two or morecommunication terminals that perform communications by a second type ofcommunication protocol capable of embedding address information for usein the first communication group, comprising: a first storage step ofstoring for reference, a destination address to the first communicationgroup or the second communication group, and tunnel identificationinformation for identifying attribute information of a route specifiedby address information for use in the first communication group when apacket transmitted from the second communication group via the firstcommunication group to another second communication group isencapsulated by the address information for use in the first group andpassed through the first communication group; a destination retrievalstep of performing retrieval as to whether or not a destination addressextracted from the received packet is registered in the first storagestep; a second storage step of storing for reference, in whichcommunication enable/disable information indicating whether or not theroute on the first communication group, the route being designated byusing the tunnel identification information, is constructible by aprivate address or whether or not the route is constructible by a globaladdress; an encapsulation processing step of extracting the addressinformation for use in the first communication group from thedestination address to encapsulate the packet; and a control step ofperforming control as to whether or not the encapsulation is to beperformed in accordance with the communication enable/disableinformation in the second storage step.
 14. The communication methodaccording to claim 13, further comprising: a decapsulation informationstorage step of storing for reference, information for identifying apacket as an object of decapsulation which returns the encapsulatedpacket to an original form thereof; and a decapsulation processing stepof decapsulating the received packet in accordance with the informationin the decapsulation information storage step.
 15. The communicationmethod according to claim 13, further comprising: a discardedinformation storage step of registering information indicating whetheror not the received packet is a packet to be discarded; and a packetdiscard step of discarding the received packet in accordance with theinformation in the discarded information storage step.
 16. Thecommunication method according to claim 13, wherein the first storagestep further stores encapsulation information indicating whether or notthe encapsulation is to be performed by IPv4 or IPv6, and theencapsulation processing step includes encapsulating the packet by IPv4or IPv6 in accordance with the encapsulation information.
 17. Thecommunication method according to claim 13, wherein the second storagestep further stores packet conversion information indicating whether ornot a packet of a 6to4 format is to be encapsulated, and theencapsulation processing step includes encapsulating the packet of the6to4 format in accordance with the packet conversion information. 18.The communication method according to claim 13, wherein theencapsulation processing step includes executing the discard of thepacket or the encapsulation processing for the packet in accordance withthe communication enable/disable information.
 19. The communicationmethod according to claim 13, wherein the encapsulation processing stepallows reference to plural pieces of tunnel identification informationregistered in a second table, and the encapsulation processing stepincludes referring to, for each tunnel, information indicating whetheror not to execute each of a first method permitting only a communicationin which the destination address is the global address and a secondmethod permitting only a communication in which the destination addressis the private address.
 20. The communication method according to claim19, wherein when a tunnel packet in which the destination address is theglobal address is received with respect to a tunnel interface in whichonly the second method is selected, the encapsulation processing stepincludes discarding the tunnel packet without performing thecommunication.
 21. The communication method according to claim 19,wherein when a packet having an IPv6 address in which an IPv4 globaladdress for use in a first network is embedded as the destinationaddress is encapsulated into an IPv4 packet and transmitted to thetunnel interface in which only the second method is selected, theencapsulation processing step includes discarding the packet having theIPv6 packet without setting the packet as an object to be transmitted.22. The communication apparatus according to claim 19, wherein when thepacket in which the destination address is encapsulated by the IPv4global address is received with respect to a tunnel interface in whichonly the first method is selected, or when the packet in which thedestination address is the IPv6 address having the IPv4 global addressembedded thereinto is encapsulated into the IPv4 packet and transmittedto the tunnel interface, the encapsulation processing step includestransmitting/receiving the encapsulated packet without discarding theencapsulated packet.
 23. The communication method according to claim 19wherein when a setting of executing the first method or the secondmethod is made, the encapsulation processing step includes referring toinformation indicating whether or not to enable the setting when thepacket is transmitted or when the packet is received.
 24. Acommunication program to be used between a first communication groupincluding one or two or more communication terminals that performcommunications by a first type of communication protocol and a secondcommunication group including one or two or more communication terminalsthat perform communications by a second type of communication protocolcapable of embedding address information for use in the firstcommunication group, the program causing a computer to execute: a firststorage step of storing for reference, a destination address to thefirst communication group or the second communication group, and tunnelidentification information for identifying attribute information of aroute specified by address information for use in the firstcommunication group when a packet transmitted from the secondcommunication group via the first communication group to another secondcommunication group is encapsulated by the address information for usein the first group and passed through the first communication group; adestination retrieval step of performing retrieval so as to whether ornot a destination address extracted from the received packet isregistered in the first storage step; a second storage step of storingfor reference, in which communication enable/disable informationindicating whether or not the route on the first communication group,the route being designated by using the tunnel identificationinformation, is constructible by a private address or whether or not theroute is constructible by a global address; an encapsulation processingstep of extracting the address information for use in the firstcommunication group from the destination address to encapsulate thepacket; and a control step of performing control as to whether or notthe encapsulation is to be performed in accordance with thecommunication enable/disable information in the second storage step. 25.The communication program according to claim 24, wherein the programfurther causes the computer to execute: a decapsulation informationstorage step of storing for reference, information for identifying apacket as an object of decapsulation which returns the encapsulatedpacket to an original form thereof; and a decapsulation processing stepof decapsulating the received packet in accordance with the informationin the decapsulation information storage step.
 26. The communicationprogram according to claim 24, wherein the program further causes thecomputer to execute: a discarded information storage step of registeringinformation indicating whether or not the received packet is a packet tobe discarded; and a packet discard step of discarding the receivedpacket in accordance with the information in the discarded informationstorage step.
 27. The communication program according to claim 24,wherein the first storage step further stores encapsulation informationindicating whether or not the encapsulation is to be performed by IPv4or IPv6, and the encapsulation processing step includes encapsulatingthe packet by IPv4 or IPv6 in accordance with the encapsulationinformation.
 28. The communication program according to claim 24,wherein the second storage step further stores packet conversioninformation indicating whether or not a packet of a 6to4 format is to beencapsulated, and the encapsulation processing step includesencapsulating the packet of the 6to4 format in accordance with thepacket conversion information.
 29. The communication program accordingto claim 24, wherein the encapsulation processing step includesexecuting the discard of the packet or the encapsulation processing forthe packet in accordance with the communication enable/disableinformation.
 30. The communication program according to claim 24,wherein the encapsulation processing step allows reference to pluralpieces of tunnel identification information registered in a secondtable, and the encapsulation processing step includes referring to, foreach tunnel, information indicating whether or not to execute each of afirst method permitting only a communication in which the destinationaddress is the global address and a second method permitting only acommunication in which the destination address is the private address.31. The communication program according to claim 30, wherein when atunnel packet in which the destination address is the global address isreceived with respect to a tunnel interface in which only the secondmethod is selected, the encapsulation processing step includesdiscarding the tunnel packet without performing the communication. 32.The communication program according to claim 30, wherein when a packethaving an IPv6 address in which an IPv4 global address for use in afirst network is embedded as the destination address is encapsulatedinto an IPv4 packet and transmitted to the tunnel interface in whichonly the second method is selected, the encapsulation processing stepincludes discarding the packet having the IPv6 packet without settingthe packet as an object to be transmitted.
 33. The communication programaccording to claim 19, wherein when the packet in which the destinationaddress is encapsulated by the IPv4 global address is received withrespect to a tunnel interface in which only the first method isselected, or when the packet in which the destination address is theIPv6 address having the IPv4 global address embedded thereinto isencapsulated into the IPv4 packet and transmitted to the tunnelinterface, the encapsulation processing step includestransmitting/receiving the encapsulated packet without discarding theencapsulated packet.
 34. The communication program according to claim30, wherein when a setting of executing the first method or the secondmethod is made, the encapsulation processing step includes referring toinformation indicating whether or not to enable the setting when thepacket is transmitted or when the packet is received.